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I. MAPPING OF DECLARATION AND EXHIBITS TO THE CLAIMS 

The following chart correlates the content of the declaration and exhibits previously 

submitted by the applicants to the elements, steps and limitations of the claims. 

The following abbreviations are used to identify the documents previously submitted by 

the applicants. 

DECL-Rule 1.131 Affidavit executed by Inventor. 

CPOL-Redacted copy of the inventor's original disclosure as recorded in the assignee's 
"Cisco Patents On-line" (CPOL) system. 

ENG-1— Document ENG-25670, "IOS CNS/AD Client System Functional 
Specification." 

ENG-2— Document ENG-29746, "Cisco Network Services (CNS) Internet Operating 
System (IOS) 12.0.5T Program Plan." 

ENG-3— Document ENG-28376, "CNS IOS Event Service Client System Functional 
Specification." 

ENG-4— Document ENG-23055, "Internetworking Operating System ("IOS") Cisco 
Network Services for Active Directory ("CNS/AD") Client Program Plan (12.0.4) 

Generally, the documents of the previously submitted Exhibit show that the software 
element termed "CNS Client" in the documents included all elements recited in the claims. The 
inventor's declaration states that the CNS Client (with features described) is part of the product 
that was released for sale. The CPOL document, in the section Cisco Use, states that "CNS 
Client for IOS (the directory-enabling element) is being released in IOS 12.0.4." This indicates 
that the CPOL document was written after the CNS Client was implemented (reduced to 
practice), and, in fact, indicates that the CNS Client is already included in a product released for 
sale. 
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CLAIM 1 



Claim Elements 



Facts Showing Reduction to Practice in the 
Exhibits and Declaration 



A directory-enabled network element 



DECL, p. 2-3: "Cisco Systems, Inc. 
commercially released an embodiment of the 
invention before September 10, 1999, but not 
more than a year before the filing data of the 
present patent application, as part of the 
following Cisco software products: CNS for 
Client for IOS in IOS Release 12.0.4; and CNS 
for IOS II for IOS Release 12.0.5. Both the 
products CNS for Client for IOS in IOS 
Release 12.0.4 and CNS for IOS II for IOS 
Release 12.0.5 are referenced in Patent Idea 
Details for Idea #41685". See CPOL, section 
Cisco use, pp. 2 and 4. The preceding 
statement applies to all claims, as stated in the 
Declaration. 



ENG-1, p. 1: "The project provides 
infrastructure for IOS applications to query 
and access data that resides in a Directory 
Server via LDAP V3." Thus, an embodiment 
of the referenced element is a network device 
running IOS, using an IOS client that can 
access the Directory Server via LDAP. 

ENG-1, p. 2: "This project is a standard IOS 
infrastructure project that provides the 
infrastructure for IOS applications to query, 
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access and update data that resides in a 




Directory Server via Lightweight Directory 




Access Protocol (LDAP)." 




ENG-1, p. 3: "This project implements LDAP 




V3 clients plus enhancements on IOS 




platforms. The feature is platform independent 




and it should function in all platforms. LDAP 




support will enable the routers and switches to 




communicate with any vendor's directory to 




discover information stored on the directory." 



CLAIM 2 



Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled network element as 

recited in Claim 1, comprising: 

a directory enabling element installed in and 
executed by the network element, and 
configured to query, access, and update 
directory information that is managed by a 
directory service of a network that includes 
the network element. 


In an embodiment, the directory enabling 
element is the directory-enabled CNS client. 

ENG-1, p. 2: "This project is a standard IOS 
infrastructure project that provides the 
infrastructure for IOS applications to query, 
access and update data that resides in a 
Directory Server via Lightweight Directory 
Access Protocol (LDAP)." 

ENG-1, p. 3: "This project implements LDAP 
V3 clients plus enhancements on IOS 
platforms. The feature is platform independent 
and it should function in all platforms. LDAP 
support will enable the routers and switches to 
communicate with any vendor's directory to 
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discover information stored on the directory." 




CPOL, p.2: Cisco Use: CNS Client for IOS is 




being released in IOS 12.0.4. It is part of the 




following images/platforms: [long long list of 




routers on which the client runs]. 



CLAIM 3 



Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled network element as recited 

in Claim 1, comprising: 

a directory enabling element installed in and 
executed by the network element, and 
configured to query, access, and update 
directory information that is managed by a 
directory service of a network that includes 
the network element; 


Same as in Claim 2 


an application programming interface coupled 
to the directory enabling element and 
configured to receive directory services 
requests from application programs and 
provide the directory services requests to 
the directory enabling element 


ENG-1, p. 4: Figure 4 depicts IOS CNS Client 
APIs, and Locator Services, Event Services, 
CNS Extension Libraries as accessible by or 
connected to LDAP V3. 
ENG-1, p. 4: In section 2.2.1, LDAP V3 is 
described as a feature of the product that 
supports all protocol elements of RFC 1777 
(which describes requirements for receiving 
directory services requests from clients and for 
providing the directory services requests to the 
client). "LDAP V3 supports schema discovery, 
so an LDAP client can learn about the 
structure of the information in a directory. 
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Because LDAP must be able to search, read, 




and nndate server information on behalf of the 




client, the client must have prior knowledge of 




the directory's schema, or have some facility 




fnr HiQpnvprincT jinH in tern refiner the Qphema *' 

l\Ji UiOLU V vliilg allU llll^l LfL wlllli^ Lliw OlsJ.lwiiJ.C1.. 




ENG-1, p. 11: Section 3.2.1.2 states "The full 




set of LDAP APIs will be supported on IOS." 




ENG-1, p. 12: Table 1 : LDAP V3 API 




describes all the API function calls with their 




functionality. 



CLAIM 4 



Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled network element as recited 

in Claim 1, comprising: 

a directory enabling element installed in and 
executed by the network element, and 
configured to query, access, and update 
directory information that is managed by a 
directory service of a network that includes 
the network element; 


Same as in Claim 2 


an application programming interface coupled 
to the directory enabling element and 
configured to receive directory services 
requests from application programs and 
provide the directory services requests to 
the directory enabling element; 


Same as in Claim 3, element LDAP API 


a locator service coupled to the directory 


ENG-1, p. 4: In section 2.2.2, Locator Services 
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enabling element and accessible using the 
application programming interface and 
configured to locate servers that provide 
the directory services in the network 


are described as a feature of/coupled to the 
CNS Client, allowing the client to locate the 
closet directory server in the network. 
ENG-1, p.15: Section 3.2.2 states that 
"Locator Services client will use the IOS 
DistributedDirector to locate the closest 
Directory server in the network." 

ENG-1, pp.15-19: Locator API - 
DsGetDcName API is described in great 
detail, including input/output parameters for 
the API, Flags, Error Codes, and Domain 
Controller Info field definitions. 


CLAIM 5 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled network element as recited 

in Claim 1, comprising: 

a directory enabling element installed in and 
executed by the network element, and 
configured to query, access, and update 
directory information that is managed by a 
directory service of a network that includes 
the network element; 


Same as in Claim 2 


a bind service in the directory enabling element 
and coupled to a security protocol and 
configured to bind an external application 
program to the security protocol. 


ENG-1, p. 14: In section 3.2.1.3, the Bind 
Operation feature is described as part of the 
CNS Client, and has functionality for initiating 
a protocol session between a client and a 
server, and allow the authentication of the 
client to the server. 
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CLAIM 6 



Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled network element as 
recited in Claim 2, further comprising: 
a Unicode translation service configured to 
query, access, and update directory 
information that is encoded in a Unicode 
international character format 


ENG-1, p. 15: In section 3.2.1.4, titled Unicode 
and UTFS Support, "one of the key 
enhancements in LDAP v3 is the support for 
international character sets by means of utf8 
encoding. . . . Following utf8 functions need to 
be provided so that applications expecting 
international character strings can handle them 
properly. . . [a list of the functions 
implementing character string manipulation 
and translation is provided] ." 


CLAIM 7 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled network element as recited 

in Claim 1, comprising: 

a directory enabling element installed in and 
executed by the network element, and 
configured to query, access, and update 
directory information that is managed by a 
directory service of a network that includes 
the network element; 


Same as in Claim 2 


a locator service coupled to the directory 
enabling element and configured to locate 
servers that provide the directory services 
in the network; 


Same as in Claim 4, element Locator service 


an event service coupled to the directory 

enabling element and configured to receive 


ENG-3 is the functional specification of the 
Event Service Client, with descriptions of all 
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registration of an event and an associated 
responsive action from an application 
program, notify the application program 
when the event occurs, and execute the 
associated responsive action in response 
thereto 


functions in the API 

ENG-3, p.l: System Overview: "The IOS CNS 
Client consists of a thin software component, 
Event Service Client (ESC), which depends on 
the rest of the features of IOS CNS Client 
(LDAP V3 and Locator). ESC links network 
elements and directory-enabled desktop 
applications through use of directory 
technology. ESC will be implemented as a 
Server and a Subsystem in IOS Classic" 

ENG-3, p. 2: Figure in Section 1.2.1 describes 
the overall architecture of Event Service client, 
(shows integration with the CNS client) 

ENG-3, p. 3: Figure describes the process of 
ESC registering with the Event Server, 
listening for events, consumer application 
registers itself with the Event Server, ESC 
detecting the event, and notifies the consumer 
application by using the applications callback 
functions. 


CLAIM 8 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled network element as recited 
in Claim 1, comprising: 
a directory enabling element installed in and 
executed by the network element, and 


Same as in Claim 2 
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configured to query, access, and update 
directory information that is managed by a 
directory service of a network that includes 
the network element; 




an application programming interface coupled 
to the directory enabling element and 
configured to receive directory services 
requests from application programs and 
provide the directory services requests to 
the directory enabling element; 


Same as in Claim 5, element API 


a locator service coupled to the directory 
enabling element and accessible using the 
application programming interface and 
configured to locate servers that provide 
the directory services in the network; 


Same as in Claim 4, element locator service 


an event service coupled to the directory 
enabling element and accessible using the 
application programming interface and 
configured to receive registration of an 
event and an associated responsive action 
from an application program, notify the 
application program when the event occurs, 
and execute the associated responsive 
action in response thereto. 


Same as in Claim 7, element event service 


CLAIM 9 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled network element as recited 

in Claim 1, comprising: 

a directory enabling element installed in and 


Same as in Claim 2 
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executed by the network element, and 
configured to query, access, and update 
directory information that is managed by a 
directory service of a network that includes 
the network element; 




a locator service coupled to the directory 
enabling element and configured to locate 
servers that provide the directory services 
in the network; 


Same as in Claim 4, element locator service 


a group policy interface coupled to the 

directory enabling element and configured 
to receive and update the directory service 
with one or more definitions of directory 
services policies that apply to groups of 
network devices in the network 


ENG-2, p.l: Describes the 12.0.5 release of the 
CNS client including all features of the 12.0.4 
CNS Client plus CNS GPO API and IPSec 
Policy Agent. "Group Policy allows an 
organization to reduce TCO by allowing 
administrators to define centralized policies 
and applying them to groups of objects using 
the infrastructure provided by Cisco Directory 
Services. CNS GPO Resolver Service 
impersonates an IOS client to retrieve and send 
back policy information from Directory 
Services, requested by the IOS through use of 
GPO API." 

ENG-2, p.2: Figure 1 shows a Group Policy 
API as part of the components of IOS Classic 
12.0.4T/12.0.5T 

ENG-2, p.5: The CNS GPO Resolver Service 
is described as: "This is an NTS workstation 
based on the "CNS/AD GPO Resolver Service 
API for IOS - Software Unit Functional 
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Specification" (ENG-29745). This daemon 
has been implemented and unit-tested under 
NT5, and so is the API. 
ENG-2, p.6: Test Engineering Tasks describe 
- Integration testing for the GPO/IPSec GPO 
client, indicating that the GPO client HAS 
already been implemented. 


CLAIM 10 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled network element as recited 

in Claim 1 5 comprising: 

a directory enabling element installed in and 
executed by the network element, and 
configured to query, access, and update 
directory information that is managed by a 
directory service of a network that includes 
the network element; 


Same as in Claim 2 


a bind service in the directory enabling element 
and coupled to an security protocol and 
configured to bind an external application 
program to the security protocol; 


Same as in Claim 5, bind element 


an event service coupled to the directory 
enabling element and accessible using the 
application programming interface and 
configured to receive registration of an 
event and an associated responsive action 
from an application program, notify the 
application program when the event occurs, 


Same as in Claim 7, event service element 
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and execute the associated responsive 
action in response thereto. 




CLAIM 11 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled packet router for a packet- 
switched network 


CPOL, p.2: "A CNS Client for IOS is being 
released in IOS 12.0.4. It is part of the 
following images/platforms: [long list of 
routers follows]. 

Example of a Router: CPOL, p.2: Cisco Use: 
"1. Enterprise Images ... c7200-js-mz /7200" 
(7200 is the platform on which the image 
including the CNS Client runs) 


CLAIM 12 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled packet router as recited in 
Claim 11, comprising: 

a directory enabling element installed in and 
executed by the router, and configured to 
query, access, and update directory 
information that is managed by a directory 
service of a network that includes the 
router; 


Same as in Claim 2 


a bind service in the directory enabling element 
and coupled to a security protocol and 
configured to bind an application program 
to the security protocol; 


Same as in Claim 5, bind element 


an event service coupled to the directory 


Same as in Claim 7, event service element 
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enabling element and accessible using the 
application programming interface and 
configured to receive registration of an 
event and an associated responsive action 
from an application program, notify the 
application program when the event occurs, 
and execute the associated responsive 
action in response thereto. 




CLAIM 13 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled network data switch for a 
packet-switched network 


CPOL, p.2: Cisco Use: CNS Client is being 
released in IOS 12.0.4. It is part of the 
following images/platforms: [a huge list 
follows, it should include a data switch] 
Example of a Switch: CPOL, p. 2: Cisco Use: 
"5. Enterprise Plus 40 . . .. C4500-js40-mz 
4500/4700/4500-m" (4500/4700/4500-m are 
the platforms on which the image including the 
CNS client runs) 


CLAIM 14 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory-enabled network data switch as 

recited in Claim 13, comprising: 

a directory enabling element installed in and 
executed by the switch, and configured to 
query, access, and update directory 
information that is managed by a directory 


Same as in Claim 2 
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service of a network that includes the 
switch; 




a bind service in the directory enabling element 
and coupled to a security protocol and 
configured to bind an application program 
to the security protocol; 


Same as in Claim 5, bind element 


an event service coupled to the directory 
enabling element and accessible using the 
application programming interface and 
configured to receive registration of an 
event and an associated responsive action 
from an application program, notify the 
application program when the event occurs, 
and execute the associated responsive 
action in response thereto. 


Same as in Claim 7, event service element 


CLAIM 15 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A method of using a directory-enabled network 
element to query, access, or update directory 
information of a directory service of a network 
that includes the directory-enabled network 
element, wherein the directory-enabled 
network element comprises a directory 
enabling element installed in and executed by 
the network element, and configured to query, 
access, and update directory information that is 
managed by a directory service of a network 
that includes the network element; the method 
comprising the steps of: 


Same as in Claim 1 - directory-enabled query 
element and its functions 
Same as in Claim 2 - directory enabling 
network element and its funtions 
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binding the application program to the security 
protocol; 


Same as in Claim 5 - bind element and its 
functions 


creating an event and an associated responsive 
action that are associated with the 
application program; 


Same as in Claim 7 - event service element 
and its functions 


in response to occurrence of the event, 

executing the responsive action, obtaining 
policy information from the directory 
service, and converting the policy 
information into one or more commands 
that are executable by the directory-enabled 
network element 


Same as in Claim 7 — event service client 
component, in combination with Claim 9 — 
group policy interface. 


CLAIM 16 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A computer-readable medium carrying one or 
more sequences of instructions for using a 
directory-enabled network element to query, 
access, or update directory information of a 
directory service of a network that includes the 
directory-enabled network element, wherein 
execution of the one or more sequences of 
instructions by one or more processors causes 
the one or more processors to perform the steps 
of: 


Same as in Claim 1 and 2 


creating and storing a directory enabling 
element installed in and executed by the 
network element, and configured to query, 
access, and update directory information 
that is managed by a directory service of a 


Same as in Claim 2, directory enabling 
element and its functionality 
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network that includes the network element 




binding the application program to the security 
protocol; 


Same as in Claim 5, bind element and its 
functionality 


creating an event and an associated responsive 
action that are associated with the 
application program 


Same as in Claim 7, event service element and 
its functionality 


in response to occurrence of the event, 

executing the responsive action, obtaining 
policy information from the directory 
service, and converting the policy 
information into one or more commands 
that are executable by the directory-enabled 
network element. 


See Claim 75, last element 


CLAIM 17 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A computer-readable medium as recited in 
Claim 16, wherein execution of the one or 
more sequences of instructions by one or more 
processors causes the one or more processors 
to perform the further steps of: 
locating a nearest directory server and binding 

the application program to the nearest 

directory server that is located; 


Same as in Claim 4, locator service element 
and its functionality 

Same as in Claim 5, bind operation element 
and its functionality 


locating a nearest event server and binding the 
application program to the nearest event 
server that is located 


Same as in Claim 4 t locator service element 
and its functionality 

Same as in Claim 7, event service element and 
its functionality 
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CLAIM 18 



Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A computer-readable medium as recited in 
Claim 16, wherein execution of the one or 
more sequences of instructions by one or more 
processors causes the one or more processors 
to perform the further steps of: 
translating the policy information into one or 
more values that are ready to apply to a 
router, whereby a virtual private network is 
created between the router and another 
network device. 


ENG-2, p.l : States that one of the IOS 
applications that will make use of the CNS 
Client is CNS Policy-based VPN. 


CLAIM 19 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A computer-readable medium as recited in 
Claim 16, wherein execution of the one or 
more sequences of instructions by one or more 
processors causes the one or more processors 
to perform the further steps of: 
translating the policy information into one or 
more values that are ready to apply to a set 
of internal data structures of a router, by 
calling one or more internal NOS API 
functions, whereby a dynamic IPSEC 
configuration is created that connects the 
router and at least one other network 
device 


ENG-2, p.l: CNS GPOAPI and IPSec Policy 
Agent - "CNS GPO Resolver Service 
impersonates an IOS client to retrieve and send 
back policy information from Directory 
Services, requested by the IOS client through 
use of GPO API. 
ENG-2, p.2: Figure 1 

ENG-2, p.5: "IOS IPSec GPO Policy Agent is 
an IOS GPO Client for IPSec policy. It will 
use the CNS GPO API to communicate policy 
information between Directory Service and an 
IOS Device. (IOS device is a router) 
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CLAIM 20 



Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A computer-readable medium as recited in 
Claim 16, wherein execution of the one or 
more sequences of instructions by one or more 
processors causes the one or more processors 
to perform the further steps of establishing an 
application programming interface coupled to 
the directory enabling element and configured 
to receive directory services requests from 
application programs and provide the directory 
services requests to the one or more processors 


Same as in Claim 3, element API 


CLAIM 21 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory services-enabled network element 


Same as in Claim 3, element API 

CPOL, p.2: Cisco Use: "CNS Client for IOS is 
being released in IOS 12.0.4. It is part of the 
following images/platforms: [ a list of routers 
follows]." Since the API, as described in 
Claim 3, enables access by the client to 
directory services, then any router or switch 
[from the list above] running the CNS Client is 
"a directory services-enabled network 
element" 
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CLAIM 22 



Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A system comprising a network element 
enabled to automatically interface with 
directory services 


Same as in Claim 21 - installing and 
executing, by a router, of a CSN client allows 
the router to automatically interface with the 
directory services. 


CLAIM 23 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


The system of claim 22, wherein the network 
element obtains policy information from the 
directory services and updates the directory 
service 


Same as in Claim 22, combined with the 
Group Policy Interface as described in Claim 
9. 


CLAIM 24 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


The system of claim 22, wherein the network 
element includes a protocol agent for 
interfacing with the directory services 


ENG-2, p.l: Examples of agents interfacing 
with the directory services include the CNS 
Configuration Notify Agent, and the CNS 
Provision Agent 


CLAIM 25 


Claim Elements 


Facts Showing Reduction to Practice in the 
Exhibits and Declaration 


A directory services-enabled packet router for 
a packet-switched network 


CPOL, p.2: Cisco Use - includes a huge list of 
directory services enabled routers that can be 
used in packet-switched (EP) networks. 
See Claim 21. 
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